NATIONAL CYBER SECURITY STRATEGY

Copyright infringement is not intended

Context: Amid a surge in cyberattacks on India’s networks, the Centre is yet to implement the National Cyber Security Strategy which has been in the works since 2020.

What is the National Cyber Security Strategy?

• It was conceptualised by the Data Security Council of India (DSCI), headed by Lt General Rajesh Pant report that focuses on 21 areas to ensure a safe, secure, trusted, resilient, and vibrant cyberspace for India.
• The main sectors of focus of the report are:
• Large scale digitisation of public services that focus on security in the early stages of design in all digitisation initiatives, developing institutional capability for assessment, evaluation, certification, and rating of the core devices and timely reporting of vulnerabilities and incidents.
• Supply chain security: Monitoring and mapping of the supply chain of the Integrated circuits (ICT) and electronics products, scaling up product testing and certification.
• Critical information infrastructure protection: Integrating Supervisory control and data acquisition (SCADA) security with enterprise security, monitoring digitisation of devices, evaluating security devices, maintaining a repository of vulnerabilities
• Digital payments: Mapping and modeling of devices and platform deployed, supply chain, transacting entities, payment flows, interfaces and data exchange, timely disclosure of vulnerabilities
• State-level cyber security: Developing state-level cybersecurity policies, allocation of dedicated funds, critical scrutiny of digitization plans, guidelines for security architecture, operations, and governance
• Security of small and medium businesses: Policy intervention in cybersecurity granting incentives for higher level of cybersecurity preparedness, developing security standards, frameworks, and architectures for the adoption of Internet of Things (IoT) and industrialisation

What steps does the report suggest?

• Budgetary provisions: A minimum allocation of 0.25% of the annual budget, which can be raised upto 1% has been recommended to be set aside for cyber security. Setting up a Fund of Funds for cybersecurity and provide Central funding to States to build capabilities in the same field.
• Research, innovation, skill-building and technology development: The report suggests investing in modernisation and digitisation of Integrated Circuits (ICT), set up a short and long term agenda for cyber security via outcome-based programs and provide investments deep-tech cyber security innovation.
• A national framework should be set in collaboration with institutions like National Skill Development Corporation (NSDC) and ISEA (Information Security Education and Awareness) to provide global professional certifications in security.
• Crisis management: For adequate preparation to handle crisis, holding cybersecurity drills which include real-life scenarios with their ramifications. To identify possible weakness and exploitations in systems, DSCI recommend sharing of threat information between government departments.
• Cyber insurance: To address cybersecurity risks in business and technology scenarios as well as calculate threat exposures DSCI recommends developing cyber insurance products for critical information infrastructure and quantify the risks involving them.
• Cyber diplomacy: Cyber diplomacy plays a huge role in shaping India’s global relations. Hence cyber security preparedness of key regional blocks like BIMSTEC and SCO must be ensured via programs, exchanges and industrial support.
• Cybercrime investigation: With the increase in cybercrime across the world, the report recommends unburdening the judicial system by creating laws to resolve spamming and fake news.
• DSCI suggests advanced forensic training for agencies to keep up in the age of AI/ML, Blockchain, IoT, Cloud, Automation. The report also suggests creating a special cadre of Cybercrime investigators.

Why does India need a cybersecurity strategy?

• As per American cybersecurity firm Palo Alto Networks’ 2021 report, Maharashtra was the most targeted state in India — facing 42% of all ransomware attacks.
• The report stated that India is among the more economically profitable regions for hacker groups and hence these hackers ask Indian firms to pay a ransom, usually using cryptocurrencies, in order to regain access to the data.
• One in four Indian organisations suffered a ransomware attack in 2021 — higher than the global average of 21%.
• Software and services (26%), capital goods (14%) and the public sector (9%) were among the most targeted sectors. An increase in such attacks has brought to light the urgent need for strengthening India’s cybersecurity.